fix(web): json_encode for REQUEST_URI enter in /reset-password

Ref: https://huntr.dev/bounties/75bd6901-5760-412d-96fc-b664e4644fea/
This commit is contained in:
billchenchina 2021-09-09 21:38:08 +08:00
parent ebf541ab91
commit e357d1cb91
No known key found for this signature in database
GPG Key ID: 90EAD6E362C2E2D3

View File

@ -63,7 +63,7 @@ $(document).ready(function() {
if (!validateResetPwPost()) {
return false;
}
$.post('<?=$_SERVER['REQUEST_URI']?>', {
$.post(json_encode(<?=$_SERVER['REQUEST_URI']?>), {
reset : '',
newPW : md5($('#input-password').val(), "<?= getPasswordClientSalt() ?>")
}, function(res) {